Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cannot configure SSL VPN from CCP for IOS router

Hi folks,

Can someone please tell me what I did wrong to configure SSL VPN while using CCP. I have 1841 router running c1841-advsecurityk9-mz.124-24.T2.bin. Having it preconfigured for CCP I connected to the router and trying to create a new SSL VPN. In response I see the error message saying that I have to configure a persistent self-signed certificate. This is what is not clear to me, I have already created it. This is what I have in router running config:

crypto pki trustpoint TP-self-signed-2993568318
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2993568318
revocation-check none
rsakeypair TP-self-signed-2993568318
crypto pki certificate chain TP-self-signed-2993568318
certificate self-signed 03
  30820254 308201BD A0030201 02020103 300D0609 2A864886 F70D0101 04050030
  ........ (omitted for brevity)........
  A9C14004 16AF46DB 7FAC044E 90F69E0D 6758D494 9F7AE48E

How come CCP doesn't recognize it? And moreover, if I generate it from CCP the following code is delivered to the router config

crypto ca trustpoint GIBSGW_Certificate
rsakeypair GIBSGW_Certificate_RSAKey 512
subject-name, OU=IT, O=GIB, ST=BC, C=CA
ip-address none
enrollment selfsigned
serial-number none

and next time I try to create a new SSL VPN it starts over again, namely saying that I don't have the self-signed certificate. And somehow I see that more lines showed in the router's config:

crypto pki trustpoint test_trustpoint_config_created_for_sdm

revocation-check crl

crypto pki certificate chain test_trustpoint_config_created_for_sdm

What does test_trustpoint_config_created_for_sdm have to do with it?

Please help, banging my head and pulling my hair !!!


CreatePlease login to create content